Fedora Local Security Checks : Fedora Core 2 FEDORA-2004-298 (cdrtools)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.50404

Category: Fedora Local Security Checks

Title: Fedora Core 2 FEDORA-2004-298 (cdrtools)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to cdrtools
announced via advisory FEDORA-2004-298.

cdrtools is a collection of CD/DVD utilities.

Update Information:

Anyone who has manually suid /usr/bin/cdrecord should update to this version.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0806

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

97a97d2384f9ab582736d985f6b8f302 SRPMS/cdrtools-2.01-0.a27.4.FC2.3.src.rpm
6dad4e7c175d300f9d7a0d2338139ca1 x86_64/cdrecord-2.01-0.a27.4.FC2.3.x86_64.rpm
3ca938e1c1c775bb774349e35dcca9c9 x86_64/cdrecord-devel-2.01-0.a27.4.FC2.3.x86_64.rpm
fc4ceb93fb901065cad26be9d6e4b222 x86_64/mkisofs-2.01-0.a27.4.FC2.3.x86_64.rpm
6697f963ed06d27bbafc15dbc4a57e15 x86_64/cdda2wav-2.01-0.a27.4.FC2.3.x86_64.rpm
4426a57a0edcdd96cfcd5235dd97ec86 x86_64/debug/cdrtools-debuginfo-2.01-0.a27.4.FC2.3.x86_64.rpm
df1786fde31756ea0e86cc6681a61036 i386/cdrecord-2.01-0.a27.4.FC2.3.i386.rpm
7290bd23cbdf9f2bd745a0f10e97588e i386/cdrecord-devel-2.01-0.a27.4.FC2.3.i386.rpm
e211f8168b2871d28284a2a51cedfe1a i386/mkisofs-2.01-0.a27.4.FC2.3.i386.rpm
4ad7958b1c95aa4ad4d2309fc6c24bf8 i386/cdda2wav-2.01-0.a27.4.FC2.3.i386.rpm
6279fef62c5fbfa11a8550cd0731f798 i386/debug/cdrtools-debuginfo-2.01-0.a27.4.FC2.3.i386.rpm

This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-298.shtml

Risk factor : High

CVSS Score:
7.2

Cross-Ref: BugTraq ID: 11075
Common Vulnerability Exposure (CVE) ID: CVE-2004-0806
http://www.securityfocus.org/bid/11075
Bugtraq: 20040909 Bugtraq: cdrecord local root exploit (Google Search)
http://seclists.org/lists/bugtraq/2004/Sep/0097.html
Bugtraq: 20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh (Google Search)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html
CERT/CC vulnerability note: VU#700326
http://www.kb.cert.org/vuls/id/700326
https://bugzilla.fedora.us/show_bug.cgi?id=2058
http://www.mandriva.com/security/advisories?name=MDKSA-2004:091
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805
http://securitytracker.com/id?1011091
http://secunia.com/advisories/12481/
http://secunia.com/advisories/19532
SGI Security Advisory: 20060401-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
XForce ISS Database: cdrecord-rsh-gain-privileges(17303)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17303

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.50404
Category:	Fedora Local Security Checks
Title:	Fedora Core 2 FEDORA-2004-298 (cdrtools)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cdrtools announced via advisory FEDORA-2004-298. cdrtools is a collection of CD/DVD utilities. Update Information: Anyone who has manually suid /usr/bin/cdrecord should update to this version. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0806 This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 97a97d2384f9ab582736d985f6b8f302 SRPMS/cdrtools-2.01-0.a27.4.FC2.3.src.rpm 6dad4e7c175d300f9d7a0d2338139ca1 x86_64/cdrecord-2.01-0.a27.4.FC2.3.x86_64.rpm 3ca938e1c1c775bb774349e35dcca9c9 x86_64/cdrecord-devel-2.01-0.a27.4.FC2.3.x86_64.rpm fc4ceb93fb901065cad26be9d6e4b222 x86_64/mkisofs-2.01-0.a27.4.FC2.3.x86_64.rpm 6697f963ed06d27bbafc15dbc4a57e15 x86_64/cdda2wav-2.01-0.a27.4.FC2.3.x86_64.rpm 4426a57a0edcdd96cfcd5235dd97ec86 x86_64/debug/cdrtools-debuginfo-2.01-0.a27.4.FC2.3.x86_64.rpm df1786fde31756ea0e86cc6681a61036 i386/cdrecord-2.01-0.a27.4.FC2.3.i386.rpm 7290bd23cbdf9f2bd745a0f10e97588e i386/cdrecord-devel-2.01-0.a27.4.FC2.3.i386.rpm e211f8168b2871d28284a2a51cedfe1a i386/mkisofs-2.01-0.a27.4.FC2.3.i386.rpm 4ad7958b1c95aa4ad4d2309fc6c24bf8 i386/cdda2wav-2.01-0.a27.4.FC2.3.i386.rpm 6279fef62c5fbfa11a8550cd0731f798 i386/debug/cdrtools-debuginfo-2.01-0.a27.4.FC2.3.i386.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-298.shtml Risk factor : High CVSS Score: 7.2
Cross-Ref:	BugTraq ID: 11075 Common Vulnerability Exposure (CVE) ID: CVE-2004-0806 http://www.securityfocus.org/bid/11075 Bugtraq: 20040909 Bugtraq: cdrecord local root exploit (Google Search) http://seclists.org/lists/bugtraq/2004/Sep/0097.html Bugtraq: 20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh (Google Search) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html CERT/CC vulnerability note: VU#700326 http://www.kb.cert.org/vuls/id/700326 https://bugzilla.fedora.us/show_bug.cgi?id=2058 http://www.mandriva.com/security/advisories?name=MDKSA-2004:091 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805 http://securitytracker.com/id?1011091 http://secunia.com/advisories/12481/ http://secunia.com/advisories/19532 SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U XForce ISS Database: cdrecord-rsh-gain-privileges(17303) https://exchange.xforce.ibmcloud.com/vulnerabilities/17303
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com